World-readable permissions for /etc/nullmailer/remotes in Gentoo Nullmailer package before 1.11-r2 allow unauthorized access to SMTP authentication credentials

World-readable permissions for /etc/nullmailer/remotes in Gentoo Nullmailer package before 1.11-r2 allow unauthorized access to SMTP authentication credentials

CVE-2013-4223 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.

Learn more about our Cis Benchmark Audit For Debian Family Linux.